Researchers showed how Cortana could have been abused to bypass the Windows lock screen and hack into enterprise systems. Microsoft released a patch, but variations of the attack may still be possible and other voice assistants could also be affected [Read More]

A behavioral quirk in SAML libraries has left many single-sign-on (SSO) implementations vulnerable and allows an attacker that has gained any authenticated access to trick the system into granting further access as a different user without knowledge of that user's password. [Read More]

NIST has published 'Attribute Metadata: a Proposed Schema for Evaluating Federated Attributes' in order to provide the basis for the evolution of a standardized approach to entity attributes. [Read More]

By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.

Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack techniques.